On 2018/4/13 9:04, Jaegeuk Kim wrote: > On 04/10, Chao Yu wrote: >> Hi Jaegeuk, >> >> On 2018/4/8 16:13, Chao Yu wrote: >>> f2fs doesn't allow abuse on atomic write class interface, so except >>> limiting in-mem pages' total memory usage capacity, we need to limit >>> start-commit time as well, otherwise we may run into infinite loop >>> during foreground GC because target blocks in victim segment are >>> belong to atomic opened file for long time. >>> >>> Now, we will check the condition with f2fs_balance_fs_bg in >>> background threads, once if user doesn't commit data exceeding 30 >>> seconds, we will drop all cached data, so I expect it can keep our >>> system running safely to prevent Dos attack. >> >> Is it worth to add this patch to avoid abuse on atomic write interface by >> user? > > Hmm, hope to see a real problem first in this case.
I think this can be a more critical security leak instead of a potential issue which we can wait for someone reporting that can be too late. For example, user can simply write a huge file whose data spread in all f2fs segments, once user open that file as atomic, foreground GC will suffer deadloop, causing denying any further service of f2fs. Thanks, > >> Thanks, > > . >
